
Companies that use credit cards have until March to implement new digital security measures

In Brazil, where the credit card is one of the main forms of payment and digital data is worth as much as cash, the risk of online fraud keeps growing, demanding more attention from consumers and companies alike.

To get an idea of the scale of the problem, four out of ten Brazilians have already been victims of scams and financial fraud in the country, which corresponds to 42% of the population. The data comes from the "2024 Digital Identity and Fraud Report", a survey conducted by Serasa Experian.

Another study, this one from the National Confederation of Shopkeepers (CNDL) and the Credit Protection Service (SPC Brazil), in partnership with Sebrae, shows that about 8.4 million consumers reported fraud at financial institutions in the last 12 months. Among these scams, credit and debit card cloning is the main type of fraud.

Although approximately 70% of Brazilians have three or more cards, as Serasa points out, the perception of risk is still low. About 69% of Brazilians continue to underestimate the danger of entering financial data on websites and apps, which leaves a large portion of the population exposed to digital scams and cyber attacks.

Amid the growing alarm about digital security, there is good news: new initiatives and technological advances are making the online environment safer every day.

Recently, the PCI Security Standards Council (PCI SSC) proposed new guidelines for the ongoing development and enhancement of security standards, applicable to companies that store, process or transmit payment data, as well as to developers and manufacturers of the software and devices used in transactions. PCI is a global organization that brings together the main players in the payment industry to promote the use of resources for secure transactions.

"As threats and technology evolve, the PCI DSS standards are also updated. So it is necessary to stay alert now to the new requirements and make the necessary adjustments," warns Wagner Elias, CEO of Conviso, an application security solutions developer.

Among the updates are those to the Payment Card Industry Data Security Standard (PCI DSS), created to protect the entire value chain of card payments. Its compliance requirements cover everything from the storage of cardholder data to the security of access to sensitive payment information.

"In summary, it is necessary to strengthen the protection of customer data by implementing additional measures to prevent unauthorized access," says the specialist.

Thus, companies will need to adapt and invest in new technologies. To give an idea, some of these solutions are capable of providing a comprehensive view of the risks related to each application. These tools integrate different systems, centralizing information and helping to prioritize actions, all of it continuously, explains the CEO of Conviso, speaking about its platform, Conviso Platform Application Security Posture Management (ASPM), released in 2010.

However, the specialist emphasizes that many companies still take a reactive stance toward the security of their systems, only prioritizing the subject after suffering an attack. According to him, this behavior is concerning, because security breaches can lead to significant financial losses and irreparable damage to the organization's reputation, which could be avoided with preventive measures.

For him, when considering the creation of new software, it is essential that the company incorporates security at every stage of the development cycle, from requirements gathering (the first phase, which analyzes what the app will do) to deployment (production and final delivery).

"To avoid these risks, the great differentiator is to adopt Application Security practices from the very beginning of the new application's development. This ensures that protective measures are incorporated at all stages of the software life cycle. Besides being significantly more economical than remedying the damage after an incident, investing in preventive security is much more effective. It makes it possible to prevent attacks, protect sensitive data, ensure compliance with legislation and guidelines, and ensure that the application is safe and reliable for users from the start," says the specialist.

Wagner explains that the company develops solutions that integrate security into DevOps, allowing each line of code to be developed with protection practices, in addition to services such as penetration testing and vulnerability mitigation. "Conducting continuous security analyses and test automation allows companies to meet the standards without compromising efficiency," Wagner points out.

In addition to implementing robust technologies, the CEO of Conviso emphasizes the importance of specialized consulting, which helps companies adapt to the requirements of PCI DSS 4.0 and other regulations. Offensive services such as Penetration Testing, Red Team and third-party security assessments promote a proactive and comprehensive security approach, identifying and correcting vulnerabilities before they can be exploited.

Investments must accelerate 

This transformation in digital security not only reinforces consumer trust in a safe online environment but also keeps pace with the rapid growth of the application security market, which is expected to expand from US$ 11.62 billion in 2024 to US$ 25.92 billion by 2029, according to Mordor Intelligence. Implementing cutting-edge technology marks a turning point in digital protection and reinforces trust in a market that depends, more than ever, on security to thrive, concludes Wagner.

See the list of the 12 PCI DSS requirements that must be met for version 4.0 compliance:

  1. Install and maintain a firewall
  2. Delete vendor default configuration
  3. Protect stored cardholder data
  4. Encrypt the transmission of payment data
  5. Regularly update your antivirus software
  6. Deploy secure systems and applications
  7. Restrict access to cardholder data as needed
  8. Assign user access ID
  9. Restrict physical access to data
  10. Track and monitor network access
  11. Continuously test processes and systems for vulnerabilities
  12. Create and maintain an infosec policy
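Requirement 3 in the list above is the one with the most concrete rules for code: sensitive authentication data (CVV, PIN, track data) must not be kept after authorization, a displayed PAN may show at most the first six and last four digits, and a stored PAN must be rendered unreadable. The following Python sketch is an added example, not code from the article or from Conviso; the record field names, the HMAC key and the log line are constructed, and 4111111111111111 is a well-known test number rather than a real card.

```python
import hashlib
import hmac
import re

# Sensitive authentication data: PCI DSS forbids retaining these after authorization.
SENSITIVE_AUTH_FIELDS = ("cvv", "cvc", "pin", "pin_block", "track1", "track2")
# Digit runs of card-number length (13-19), optionally separated by spaces or dashes.
PAN_PATTERN = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")


def luhn_valid(digits: str) -> bool:
    """Luhn mod-10 checksum that every payment card number satisfies."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask_pan(digits: str) -> str:
    """Display form: at most the first six and last four digits stay visible."""
    if not 13 <= len(digits) <= 19:
        raise ValueError("not a card-number length")
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def prepare_for_storage(record: dict, hmac_key: bytes) -> dict:
    """Return a copy of a card record that is safe to persist: no sensitive
    authentication data, no clear PAN, only a masked PAN plus a keyed hash."""
    leaked = [f for f in SENSITIVE_AUTH_FIELDS if f in record]
    if leaked:
        raise ValueError(f"must not store sensitive authentication data: {leaked}")
    digits = re.sub(r"\D", "", record["pan"])
    if not luhn_valid(digits):
        raise ValueError("PAN fails Luhn check")
    safe = {k: v for k, v in record.items() if k != "pan"}
    safe["pan_masked"] = mask_pan(digits)
    # Keyed hash (HMAC) lets records be matched without storing the clear PAN.
    safe["pan_hmac"] = hmac.new(hmac_key, digits.encode(), hashlib.sha256).hexdigest()
    return safe


def scrub_log_line(line: str) -> str:
    """Mask any Luhn-valid card number that leaked into a log line (constructed input)."""
    def repl(match):
        digits = re.sub(r"\D", "", match.group(0))
        return mask_pan(digits) if luhn_valid(digits) else match.group(0)
    return PAN_PATTERN.sub(repl, line)
```

The Luhn filter keeps the log scrubber from masking every long number, but a 16-digit order id that happens to pass the checksum will still be masked; that is the safe direction for a log.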

The PCI DSS 4.0 guidelines are being implemented in two phases:

  • The first phase, with 13 new requirements, had a deadline of March 31, 2024
  • The second phase, with 51 additional requirements, must be implemented by March 31, 2025
E-Commerce Update
E-Commerce Update is a leading company in the Brazilian market, specialized in producing and disseminating high-quality content about the e-commerce sector.